Back in the old days, I recall a finance type person saying something like: The
Gold Standard is that it should take collusion between two or more people to
defraud the company.
If we apply that to IT, then shouldn't pswds for privileged userids that can
access/change financial data be long
Does anyone run applications in z/VM? Isn't the 'protected data' owned by
some other OS (z/OS, z/VSE, zLINUX). It seems that the high level security
effort belongs in those OS's. z/VM just needs to keep those systems isolated
and NOT be able to circumvent their security procedures.
On Fri, Dec
To
IBMVM@LISTSERV.UARK.EDU
cc
Subject
Re: Vswitch Grant as a CMD in User's Directory?
Does anyone run applications in z/VM? Isn't the 'protected data' owned by
some other OS (z/OS, z/VSE, zLINUX). It seems that the high level security
effort belongs in those OS's. z/VM just needs to keep
Yes - CMS is the operating system used to run 'z/VM applications' -- if
that's what you mean. At one time - every IBMer had a z/VM CMS guest --
it's how they got their email (PROFS/OfficeVision), submitted expenses,
claimed time, etc. Those apps have mostly moved off z/VM - but some still
have other VM's for running LINUX or VSE .
Granted it is a vast minority of what it was 10, 15, and 20 years ago.
munson
From: Tom Huegel tehue...@gmail.com
To: IBMVM@LISTSERV.UARK.EDU
Date: 12/10/2010 09:16 AM
Subject:Re: Vswitch Grant as a CMD in User's Directory?
Sent
Tom Huegel tehue...@gmail.com wrote :-
Does anyone run applications in z/VM? :-
Speaking for ourselves - yes. We recently did an exercise to look at the
support effort required to maintain our VM system and came to the
conclusion that at least 80% was related to local applications and local
: 12/10/2010 09:16 AM
Subject:Re: Vswitch Grant as a CMD in User's Directory?
Sent by:The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU
Does anyone run applications in z/VM? Isn't the 'protected data' owned by
some other OS (z/OS, z/VSE, zLINUX). It seems
[mailto:ib...@listserv.uark.edu] On
Behalf Of Tom Huegel
Sent: Friday, December 10, 2010 8:16 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Vswitch Grant as a CMD in User's Directory?
Does anyone run applications in z/VM? Isn't the 'protected data' owned
by some other OS (z/OS, z/VSE, zLINUX). It seems
On Friday, 12/10/2010 at 05:46 EST, Les Koehler vmr...@tampabay.rr.com
wrote:
Back in the old days, I recall a finance type person saying something
like: The
Gold Standard is that it should take collusion between two or more
people to
defraud the company.
Preventing collusion between two
Subject
Re: Vswitch Grant as a CMD in User's Directory?
Tom,
as Mike said there are a lot of companies I know of that are using CMS
applications for day to day work and the DATA resides on VM
they are using FOCUS for report generation , as well as MAILBOOK for
e-mail and interoffice file
...@listserv.uark.edu] On Behalf Of George Henke/NYLIC
Sent: Friday, December 10, 2010 10:53 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Vswitch Grant as a CMD in User's Directory?
Some companies in the past preferred to confine application
programmers to CMS due to the large overhead of TSO address
[mailto:ib...@listserv.uark.edu] On Behalf Of George Henke/NYLIC
Sent: Friday, December 10, 2010 10:53 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Vswitch Grant as a CMD in User's Directory?
Some companies in the past preferred to confine application
programmers to CMS due to the large overhead
On Friday, 12/10/2010 at 09:17 EST, Tom Huegel tehue...@gmail.com wrote:
Does anyone run applications in z/VM? Isn't the 'protected data' owned
by some
other OS (z/OS, z/VSE, zLINUX). It seems that the high level security
effort
belongs in those OS's. z/VM just needs to keep those systems
It is a hard sell to management to buy an ESM if there is no audit
requirement.
Thus my point about IBM quitting whining to us about buying one and start
supplying one by default as the Right and Proper Way.
On 12/9/10 3:27 AM, Alan Altmark alan_altm...@us.ibm.com wrote:
In order to achieve the savings you imply, then z/VM must move to the
z/OS
model in which, except for a few specific functions, an ESM is required
for proper operation. NO native CP security controls beyone those
required to
On Wed, Dec 8, 2010 at 7:38 PM, Alan Altmark alan_altm...@us.ibm.com wrote:
I've been saying for several years, You need an ESM. More and more
z/VM security management will be focused on ESMs, not native CP. If your
fave ESM doesn't simplify things for you, gripe to the vendor.
That's
Of Alan Altmark
Sent: Wednesday, December 08, 2010 8:32 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Vswitch Grant as a CMD in User's Directory?
On Wednesday, 12/08/2010 at 03:11 EST, RPN01
nix.rob...@mayo.edu wrote:
But, should you have to have an external security manager
for a system
where
[mailto:ib...@listserv.uark.edu] On Behalf Of Alan Altmark
Sent: Wednesday, December 08, 2010 8:32 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Vswitch Grant as a CMD in User's Directory?
On Wednesday, 12/08/2010 at 03:11 EST, RPN01
nix.rob...@mayo.edu wrote:
But, should you have
-Original Message-
From: The IBM z/VM Operating System
[mailto:ib...@listserv.uark.edu] On Behalf Of Tom Huegel
Sent: Thursday, December 09, 2010 11:01 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Vswitch Grant as a CMD in User's Directory?
snip
Don't you just love the airport
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Vswitch Grant as a CMD in User's Directory?
Does it really matter? SOX is just another way congress has come up with to
destroy the American economy, and in fact the American way of life. Besides all
of our passwords are probably available on Wikileaks anyway
12:00 PM
Please respond to
The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU
To
IBMVM@LISTSERV.UARK.EDU
cc
Subject
Re: Vswitch Grant as a CMD in User's Directory?
Does it really matter? SOX is just another way congress has come up with
to destroy the American economy, and in fact
by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU
12/09/2010 12:00 PM
Please respond to
The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU
To
IBMVM@LISTSERV.UARK.EDU
cc
Subject
Re: Vswitch Grant as a CMD in User's Directory?
Does it really matter? SOX is just another way congress has
On Thursday, 12/09/2010 at 12:01 EST, Tom Huegel tehue...@gmail.com
wrote:
Does it really matter? SOX is just another way congress has come up with
to
destroy the American economy, and in fact the American way of life.
When you read the law, you find that SOX is simply a way to hold
On 12/9/2010 at 01:36 PM, George Henke/NYLIC george_he...@newyorklife.com
wrote:
Does it really matter? SOX is just another way congress has come up with
to destroy the American economy, and in fact the American way of life.
Given the current real life demands on our moderator, could we kill
good point Mark
Bill Munson
From: Mark Post mp...@novell.com
To: IBMVM@LISTSERV.UARK.EDU
Date: 12/09/2010 01:46 PM
Subject:Re: Vswitch Grant as a CMD in User's Directory?
Sent by:The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU
On 12/9/2010 at 01:36 PM
System IBMVM@LISTSERV.UARK.EDU
To
IBMVM@LISTSERV.UARK.EDU
cc
Subject
Re: Vswitch Grant as a CMD in User's Directory?
On Thursday, 12/09/2010 at 12:01 EST, Tom Huegel tehue...@gmail.com
wrote:
Does it really matter? SOX is just another way congress has come up with
to
destroy the American
On Thursday, 12/09/2010 at 11:41 EST, Schuh, Richard rsc...@visa.com
wrote:
Not necessarily, there is LOGONBY. They need only know their own
passwords.
They logon and access USER DIRECT. Now they know ALL the passwords. Of
course, you can have LBYONLY for everyone. But that misses the
You would HAVE to buy an ESM, whether from IBM or CA.
Or have IBM include a basic awful one (eg, RACF) in the price of VM and be
done with it. Including a basic one that can be replaced with Something
Else would make everybody (IMHO) happy. The internal cost of including
RACF can't be that large.
The issue with keeping the grants in AUTOLOG1 or in SYSTEM CONFIG is that
you have to either continually modify those files every time you create a
new Linux image, or you have to keep a separate list of Linux images
somewhere for AUTOLOG1 to read (though you probably have to anyway).
Putting the
...
__
Clovis
From:
RPN01 nix.rob...@mayo.edu
To:
IBMVM@LISTSERV.UARK.EDU
Date:
08/12/2010 11:27
Subject:
Re: Vswitch Grant as a CMD in User's Directory?
Sent by:
The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU
The issue with keeping the grants in AUTOLOG1
Grant as a CMD in User's Directory?
It seems to me...
Rather than putting a Vswitch Grant for each Linux guest somewhere like
AUTOLOG1's PROFILE EXEC, I thought I'd try putting a
CMD SET VSWITCH VSW1 GRANTUSERID
in the directory profile for the Linux guests...
Alas, it seems that the GRANT
System [mailto:ib...@listserv.uark.edu] On
Behalf Of RPN01
Sent: Wednesday, December 08, 2010 8:27 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Vswitch Grant as a CMD in User's Directory?
The issue with keeping the grants in AUTOLOG1 or in SYSTEM CONFIG is
that
you have to either continually modify
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Vswitch Grant as a CMD in User's Directory?
The issue with keeping the grants in AUTOLOG1 or in SYSTEM CONFIG is
that
you have to either continually modify those files every time you create
a
new Linux image, or you have to keep a separate list
On Wednesday, 12/08/2010 at 08:31 EST, RPN01 nix.rob...@mayo.edu wrote:
Is there anyone out there that actually gains security from CP users not
being granted onto their vSwitches? How many people would like to be
able to
define a vSwitch as open to the public or not requiring a grant to be
On 12/8/10 4:15 PM, Quay, Jonathan (IHG) jonathan.q...@ihg.com wrote:
I don't. I don't have any human beings on my systems except for system
programmers that have full authority anyway. Having to GRANT linux
servers is an extra thing that has to be managed. I would like to
define a vswitch as
But, should you have to have an external security manager for a system where
the majority of users are disconnected guest operating systems? Most of
today's z/VM systems have a bare minimum of real human users. CP is the
security manager for us, and it's sufficient to control the wild ramblings
It is a hard sell to management to buy an ESM if there is no audit
requirement.
On Wed, Dec 8, 2010 at 11:34 AM, David Boyes dbo...@sinenomine.net wrote:
On 12/8/10 4:15 PM, Quay, Jonathan (IHG) jonathan.q...@ihg.com wrote:
I don't. I don't have any human beings on my systems except for
first.
Tom Huegel tehue...@gmail.com
Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU
12/08/2010 03:10 PM
Please respond to
The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU
To
IBMVM@LISTSERV.UARK.EDU
cc
Subject
Re: Vswitch Grant as a CMD in User's Directory
On Wednesday, 12/08/2010 at 02:35 EST, David Boyes dbo...@sinenomine.net
wrote:
OTOH, I think this also argues for a bigger step: for IBM to supply a
default ESM and quit having to do it two different ways. We can always
replace the default one with something better, but there's a lot of
On Wednesday, 12/08/2010 at 03:11 EST, RPN01 nix.rob...@mayo.edu wrote:
But, should you have to have an external security manager for a system
where
the majority of users are disconnected guest operating systems?
Yes.
Most of
today's z/VM systems have a bare minimum of real human users. CP
It seems to me...
Rather than putting a Vswitch Grant for each Linux guest somewhere like
AUTOLOG1's PROFILE EXEC, I thought I'd try putting a
CMD SET VSWITCH VSW1 GRANT USERID
in the directory profile for the Linux guests...
Alas, it seems that the GRANT isn't processed till after the
Add the couple command in there too.
Marcy. Sent from my BlackBerry.
- Original Message -
From: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU
To: IBMVM@LISTSERV.UARK.EDU IBMVM@LISTSERV.UARK.EDU
Sent: Tue Dec 07 21:25:07 2010
Subject: [IBMVM] Vswitch Grant as a CMD in User's
All directory statements are processed *during* logon.. But, as you can
observe: the statement defining the virtual IO configuration are processed
before the CMD statements.
You could fix this chickenegg problem by defining the NIC via CMD
statements too.
2010/12/8 Lee Stewart
What seems to be the problem Lee? I did the same thing and it worked just
fine. I don't believe the order really matters. I took it out of the
directory and put it in AUTOLOG1 because in my case the LINUX guest may be
logged on and off several times during a z/VM IPL. Although it worked fine
it
this message. Thank you for
your cooperation.
From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf
Of Tom Huegel
Sent: Tuesday, December 07, 2010 8:24 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: [IBMVM] Vswitch Grant as a CMD in User's Directory?
What seems to be the problem Lee
On Tuesday, 12/07/2010 at 11:27 EST, Marcy Cortes
marcy.d.cor...@wellsfargo.com wrote:
What Kris said is right.
The 2nd time through you already have the access so it appears to work
After you IPL or destroy your vswitch, it wouldnât work on the first
login.
Drove me crazy.
Of course, I
...@listserv.uark.edu] On
Behalf Of Tom Huegel
Sent: Tuesday, December 07, 2010 8:24 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: [IBMVM] Vswitch Grant as a CMD in User's Directory?
What seems to be the problem Lee? I did the same thing and it worked just
fine. I don't believe the order really
z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf
Of Alan Altmark
Sent: Tuesday, December 07, 2010 8:32 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: [IBMVM] Vswitch Grant as a CMD in User's Directory?
On Tuesday, 12/07/2010 at 11:27 EST, Marcy Cortes
marcy.d.cor...@wellsfargo.com
On Tuesday, 12/07/2010 at 11:37 EST, Marcy Cortes
marcy.d.cor...@wellsfargo.com wrote:
Well, you know... there's only the 1 ESM that uses them and we don't use
*that*
one. I'll tolerate the grants rather than switch ESMs :)
My mistake. I would have figured that by now all ESMs would
49 matches
Mail list logo
